[pkg-php-pear] Bug#1073931: composer: security update broke feature branches

David Prévot taffit at debian.org
Fri Jun 21 11:11:27 BST 2024


Hi,

On Fri, Jun 21, 2024 at 09:38:02AM +0200, David Prévot wrote:
> On Thu, Jun 20, 2024 at 01:59:17PM +0200, Heiko Przybyl wrote:
> > Package: composer
> > Version: 2.0.9-2+deb11u3
> > Severity: grave
> > Justification: renders package unusable
> […]
> Thanks a lot for the simple PoC, I confirm I can reproduce it on
> Bullseye (but not Bookworm). It unfortunately wasn’t caught in our
> reduced CI (dropping some Git related tests because we don’t import the
> Git repository in the package source).

Actually, the regression is not caught in our CI even after enabling the
git-specific tests. Anyway, I’ve prepared a simple fix, and checked that
it passes your initial PoC.

https://salsa.debian.org/php-team/pear/composer/-/commit/d0afe63d8f479efd53e758038e698434690837e9#e68620b08c404229f65131e687b1122b71914f4b_0_31
https://people.debian.org/~taffit/composer/composer_2.0.9-2+deb11u4_all.deb

Can you confirm it works for you?

Thanks in advance.

Regards,

taffit